Download Quantum Error-Correction Codes on Abelian Groups

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Particle in a box wikipedia , lookup

Bell test experiments wikipedia , lookup

Copenhagen interpretation wikipedia , lookup

Algorithmic cooling wikipedia , lookup

Bra–ket notation wikipedia , lookup

Measurement in quantum mechanics wikipedia , lookup

Scalar field theory wikipedia , lookup

Quantum field theory wikipedia , lookup

Max Born wikipedia , lookup

Hydrogen atom wikipedia , lookup

Probability amplitude wikipedia , lookup

Quantum dot wikipedia , lookup

Coherent states wikipedia , lookup

Density matrix wikipedia , lookup

Quantum decoherence wikipedia , lookup

Many-worlds interpretation wikipedia , lookup

Quantum fiction wikipedia , lookup

Path integral formulation wikipedia , lookup

Quantum entanglement wikipedia , lookup

Orchestrated objective reduction wikipedia , lookup

History of quantum field theory wikipedia , lookup

Interpretations of quantum mechanics wikipedia , lookup

Bell's theorem wikipedia , lookup

Symmetry in quantum mechanics wikipedia , lookup

Quantum machine learning wikipedia , lookup

Quantum computing wikipedia , lookup

Canonical quantization wikipedia , lookup

Hidden variable theory wikipedia , lookup

Quantum group wikipedia , lookup

T-symmetry wikipedia , lookup

EPR paradox wikipedia , lookup

Quantum state wikipedia , lookup

Quantum teleportation wikipedia , lookup

Quantum key distribution wikipedia , lookup

Transcript
Iranian Journal of Mathematical Sciences and Informatics
Vol. 5, No. 1 (2010), pp. 55-67
DOI: 10.7508/ijmsi.2010.01.007
Quantum Error-Correction Codes on Abelian Groups
Massoud Amini
Department of Mathematics, Faculty of Mathematical Sciences, Tarbiat
Modares University, P.O. Box 14115-134, Tehran, Iran
E-mail:
[email protected]
Abstract. We prove a general form of bit flip formula for the quantum
Fourier transform on finite abelian groups and use it to encode some
general CSS codes on these groups.
Keywords: quantum error correction, qunatum Fourier transform, quantum
channel.
2000 Mathematics subject classification: 81P68.
1. Introduction
In classical public key cryptography the security of the cryptosystems are
based on the difficulty of calculating certain functions. A famous example is
the ASP cryptosystem which was based on the assumption that factoring large
integers could not be done in polynomial time (on classical computers). The
typical situation in these systems is that two parties (Bob and Alice) wish to
communicate in secret. Instead of sharing a secrete key in advance (which
confront us with the relatively difficult issue of secret key distribution), Bob
announces a public key which is used by Alice to encrypt a message, sent to
Bob. The encryption is done in a clever way so that if a third party (Eve) wants
to decrypt it a non feasible amount of calculation is needed. Bob, however, has
a secret key of his own which enables him to do the encryption in real time.
This research was done while I was visiting University of Calgary, I would like to thank
Department of Mathematics and Statistics of UC for their support. I am also grateful to
Professor Richard Cleve for his moral support.
Received 07 February 2010; Accepted 29 April 2010
c
2010
Academic Center for Education, Culture and Research TMU
55
56
Massoud Amini
Quantum cryptography has a different way of keeping things secret. The
difficulty of some calculations is replaced by the impossibility of some calculations according to the laws of quantum mechanics. The first example of
the quantum key distribution protocol was published in 1984 by Bennett and
Brassard [1] which is now called BB84 code. The security of this protocol is
guaranteed by the impossibility of measuring the state of a quantum system in
two conjugate bases simultaneously. A complete proof of security against any
possible attack (i.e. any combination of physical operations permitted by the
laws of quantum mechanics) was given later [6], [7], [2]. A simple proof of this
fact is proposed by Shor and Preskill in [10]. They first showed the security
of a modified Lo-Chau code which is a entanglement purification protocol and
uses EPR pairs. Then they showed that it is equivalent to a quantum error
correcting code, namely the CSS code introduced independently in [3] and [11].
This later code was constructed on the vector space {0, 1}n after the classical
binary codes. Finally they reduced the CSS code to BB84. The basic idea of
this final step was to avoid the quantum memory and reduce the encoding and
decoding to classical computations.
The encoding part in the CSS protocol in [10] was based on the following
1
x.y
property of linear codes: If C is a linear code then the value of |C|
y∈C (−1)
⊥
⊥
is 1 or 0 when x ∈ C or x ∈
/ C , respectively. This is used to show that the
Hadamard gate transforms the state
1 (−1)a.y |y + b
|C| y∈C
to the state
(−1)a.b (−1)b.y |y + a
|C ⊥ | y∈C ⊥
In this paper we generalize this observation to the setting of arbitrary finite
abelian groups (note that in linear coding theory {0, 1}n is treated as a vector
space, but it is also an abelian group). We show that for a finite abelian group
G, a subgroup H, and elements a, b ∈ G, the quantum Fourier transform sends
the state
1 χa (z)|z + b
|H|
z∈H
to the state
χa (b) χb (z)|z + a
|H ⊥ |
⊥
z∈H
where {χx : x ∈ G} is a Fourier basis for G and
H ⊥ = {x ∈ G : χx (y) = 1 (y ∈ H)}.
We use this to build a version of CSS code adapted to the group case. We
show that the calculations of [10] carries over and we can reduce this code to a
Quantum error-correction codes on abelian groups
57
generalized version of BB84 built on group G. The paper continues as follows.
In section 2 we introduce the quantum Fourier transform on a finite abelian
group G and prove the above statement. In section 3 we discuss quantum error
correction codes and introduce the CSS code on G. In the last section we above
mentioned two protocols and show their equivalence.
2. quantum Fourier transform
Let G be a finite abelian (additive) group. Let H = CG be a Hilbert space
with the orthonormal basis {|x : x ∈ G}, called the standard basis of H. There
is a natural action of G on H by translation
x : |y → |x + y (x, y ∈ G)
Note that CG is also an algebra under the convolution product
(
cx |x) ∗ (
dx |y) =
(
cx dy )|z
x∈G
z∈G x+y=z
y∈G
A character on G is a nonzero group homomorphism χ : G → T, where T is the
multiplicative group of the complex numbers of modulus 1. The values χ(x)
are |G|-th roots of unity. The set Ĝ of all characters on G is an abelian group
with respect to the pointwise multiplication and is called the dual group of G.
It is well known that |Ĝ| = |G| and so we may index the elements of Ĝ by
elements of G, and write Ĝ = {χx : x ∈ G}. Indeed in the finite group case
we have, Ĝ G, so we may assume that χx χy = χx+y and χx (y) = χy (x), for
each x, y ∈ G, and χ0 ∼
= 1. Also we have the Schur’s orthogonality relations
1 χy (x)χz (x) = δyz (y, z ∈ G).
|G|
x∈G
For each x ∈ G consider the state
1 |χx =
χx (y)|y,
|G|
y∈G
then the above orthogonality relations imply that {|χx : x ∈ G} forms a
orthonormal basis for H, called the Fourier basis of H. This basis is translation
invariant in the sense that
x|χy = χy (x)|χy (x, y ∈ G)
The quantum Fourier transform on G is the unitary operator FG : H → H
defined by
1 |x → χx (y)|y (x, y ∈ G)
|G| y∈G
Note that one can extend this map by linearity on H (see [4]). Two classical
examples are G = Zm where
χk () = e2πik/m
k, = 0, . . . , m − 1
58
Massoud Amini
and G = {0, 1}n where
χx (y) = (−1)x.y
(x, y ∈ {0, 1}n )
in which FG is the usual discrete Fourier transform DF Tm on Zm and the
Hadamard transform Hn , respectively.
Each element of Ĝ could be extended by linearity to a linear functional on
CG. This is indeed a multiplicative functional with respect to the convolution
product and Ĝ exhausts the set of all multiplicative linear functionals [9]. The
well known Peter-Weil theorem applied to the finite group G, tells us that Ĝ is
an orthonormal basis for the linear dual space (CG)∗ . In particular (CG)∗ CĜ. For each subset H ⊆ G, CH is a subspace of CG, generated by {|x : x ∈
/H) [9]. This
H}. If H is a subgroup of G (we write H ≤ G), then H ⊥ (G
notion goes in parallel with the notion of the orthogonal complement L⊥ for
a subspace L ≤ CG. Of course (CH)⊥ and CH ⊥ are not the same (even the
dimensions don’t match).
Lemma 2.1. If H ≤ G and x ∈ G\H ⊥ , then there is K ≤ H with [H : K] = 2
and x0 ∈ H of order two such that H = K ∪ (K + x0 ), K ∩ (K + x0 ) = ∅, and
χx (x0 ) = −1.
Proof Consider the subspace L ≤ CH with L⊥ = CH ⊥ , x. Then L has
codimension 1 in CH, so we can write H = K ∪ {x0 } for some 0 = x0 ∈ H and
K ⊆ H with L = CK and CH = L, x0 . Since 0 ∈ K so x0 ∈ K + x0 and
therefore H ⊆ K ∪ (K + x0 ). But H is a group, so K ∪ (K + x0 ) ⊆ H, that is
H = K ∪(K + x0 ). Now if K ∩(K + x0 ) = ∅, then x0 ∈ L, which is not possible.
To see that K is a subgroup of H take x, y ∈ K, then x − y ∈ H = K ∪ K + x0 ,
but x − y ∈ K + x0 would imply that x0 ∈ CK = L which is again impossible,
so x − y ∈ K. Now K has exactly two cosets in H, so [H : K] = 2 and the
group generated by x0 is isomorphic to the quotient group H/K of order 2, so
x0 has order 2. In particular χx (x0 ) = 1 or −1. But x ∈ (CK)⊥ so χx (k) = 1,
for each k ∈ K. Hence χx (x0 ) = 1 (otherwise x ∈ H ⊥ ), and so χx (x0 ) = −1.
Lemma 2.2. For each x ∈ G and H ≤ G we have
χx (y) =
y∈H
|H| if x ∈ H ⊥
0
otherwise
Proof If x ∈ H ⊥ then
y∈H
χx (y) =
y∈H
1 = |H|
Quantum error-correction codes on abelian groups
59
If x ∈
/ H ⊥ , then with the notation of the above lemma
χx (y) =
y∈H
χx (y) +
y∈K
=
y∈K
=
χx (y)
y∈K+x0
χx (y) +
χx (y + x0 )
y∈K
(1 + χx (x0 ))χx (y) = 0.
y∈K
For each x, y ∈ G let |xy| be the rank one operator on H = CG defined by
(|xy|)|z = y|z|x (z ∈ G)
then one can decompose the quantum Fourier transform as a combination of
rank one operators.
Lemma 2.3. FG = √1
|G|
x,y∈G χx (y)|yx|.
Proof If FG is defined by above formula, then for each z ∈ G
1
1
FG |z = χx (y)|yx|z = χx (y)δxz |y
|G| x,y∈G
|G| x,y∈G
1 χx (y)|y.
= |G| y∈G
Now we are ready to prove the main result of this section.
Theorem 2.1. Let a, b ∈ G and H ≤ G and consider the state
1 χa (z)|z + b
|ψ = |H| z∈H
then
χa (b) χb (z)|z + a.
FG |ψ = |H ⊥ | z∈H ⊥
Proof If we use the above lemma and the fact that
χz+b (y) = χz (y)χb (y), χz (y) = χy (z) (y, z ∈ G)
60
Massoud Amini
we have
1
χx (y)|yx|
χ−a (z)|z + b
FG |ψ = |G||H| x,y∈G
z∈H
1
χx (y)χ−a (z)|yx|z + b
= |G||H| x,y∈G z∈H
1
= χz+b (y)χ−a (z)|y
|G||H| y∈G z∈H
1
χz (y)χb (y)χ−a (z)|y
= |G||H| y∈G z∈H
1
χy (z)χb (y)χ−a (z)|y
= |G||H| y∈G z∈H
1
= χb (y)χy−a (z)|y
|G||H| y∈G z∈H
1 1 χy−a (z)
χb (y)|y
= |H|⊥ |H|
z∈H
1
= |H|⊥
y∈G
χb (y)|y
y−a∈H ⊥
1
= χb (z + a)|z + a
|H|⊥ z∈H ⊥
χb (a) = χb (z)|z + a
|H|⊥ z∈H ⊥
χa (b) = χb (z)|z + a.
|H|⊥ z∈H ⊥
3. quantum error correcting codes
A quantum channel Q is a trace preserving completely positive linear map
Q : Hin → Hout
We can decompose Q as
Q(ρ) =
Ai ρA†i ,
i∈I
where Ai ’s are error operators with i∈I A†i Ai equal to the identity operator.
In general Q is not invertible, unless restricted to a subspace. A subspace
C ≤ Hin is called a quantum error correcting code(QECC) for Q if there is a
decoding operator D such that
DQ|ψψ| = ψψ|
(ψ ∈ C),
Quantum error-correction codes on abelian groups
or equivalently
PC A†k A PC = αk PC
61
(k, ∈ I),
for some constants αk , where PC is the projection operator onto C [5].
Now let G be a finite abelian group and Gn = G × · · · × G (n copies). A
subgroup C ≤ Gn with k = |C| is called a [n, k]G code. Elements of Gn are
words x = (x1 , . . . , xn ) and the words in C are called codewords. For x, y ∈ Gn ,
the distance d(x, y) is the number of coordinates in which x and y differ. The
weight of a word x is the number wt(x) of its nonzero coordinates, where
zero is the identity of G. A [n, k]G code with minimum distance d is called a
[n, k, d]G code. When G = (F2 , +), this is nothing but the classical binary code
[n, log2 (k), d].
Suppose C1 and C2 are [n, k1 ]G and [n, k2 ]G codes with C2 ≤ C1 and C1 and
⊥
C2 both correct t errors. We define a quantum code CSSG (C1 , C2 ) capable of
correcting errors on t qubits. For a codeword x ∈ C1 put
1 |x + y
|x + C2 = |C2 | y∈C2
Note that |x + C2 only depends on the coset of C1 /C2 to which x + C2 belongs.
Also |x + C2 is orthogonal to |y + C2, if x and y are representatives of different
cosets of C2 . The quantum code CSSG (C1 , C2 ) is defined on the vector space
spanned by the states |x+C2 , where x ranges in C1 . In particular the dimension
of CSSG (C1 , C2 ) is |C1 |/|C2 |.
Suppose that a bit flip and a phase flip errors have occurred. These are
described by two ”n bit” vectors e1 , e2 ∈ Gn . If |ψ = |x + C2 is the original
state, then the corrupted state would be
1 χe2 (x + y)|x + y + e1 |ψ1 = |C2 | y∈C2
as in the binary case, the encoding process starts with introducing a ancilla (of
sufficient length) initially in the all zero state |0. We apply the parity matrix
H1 for the code C1 taking |x + y + e1 |0 to
|x + y + e1 |H1 (x + y + e1 = |x + y + e1 |H1 e1 where the above equality follows from the fact that x + y ∈ C1 , and so H1 (x +
y) = 0. The effect of this operation on |ψ1 |0 is
1 χe2 (x + y)|x + y + e1 |H1 e1 |C2 | y∈C2
Now error detection for the bit flip error is simply done by measuring the
ancilla. This gives us H1 e1 , from which we can infer e1 , since C1 can correct
up to t errors. The result of discarding the ancilla is the state
1 |ψ2 = χe2 (x + y)|x + y + e1 |C2 | y∈C2
62
Massoud Amini
Next applying the Ue†1 : |z → |z − e1 unitary gate to this state, we obtain
1 χe2 (x + y)|x + y
|ψ3 = |C2 | y∈C2
The next step is applying the quantum Fourier transform FGn = FG ⊗ · · · ⊗ FG
(n times) to |ψ3 . Using Theorem 2.1 (applied to Gn with H = C2 , a = −e2 ,
and b = x) we get
1 χe2 (y)|y + x
|ψ4 = FGn |ψ3 = χe2 (x)FGn |C2 | y∈C2
=
χe2 (x)χ−e2 (x) χx (y)|y − e2 |C2⊥ |
⊥
y∈C
1
2
=
χx (y)|y − e2 |C2⊥ | y∈C ⊥
2
As for the error detection for the bit flip, we introduce an ancilla and apply the
parity matrix H2 for C2⊥ to obtain H2 (−e2 ), and correct the phase flip error
(now showing up as a bit flip error), obtaining the state
1
χx (y)|y
|ψ5 = ⊥
|C2 | y∈C ⊥
2
Again applying FGn and using Theorem 2.1 (with H = C2⊥ , a = −x, and b = 0)
we get
χ−x (0) χ0 (y)|y − x
|ψ6 = FGn |ψ5 = |C2 | y∈C2
1 |y − x
= |C2 | y∈C2
Finally, applying the Ux2 : |z → |z + x + x unitary gate to this state, we get
back our original state
1 |y + x
|ψ = |C2 | y∈C2
with a slight modification of the above proof, we have
Theorem 3.1. Suppose C1 and C2 are [n, k1 , d1 ]G and [n, k2 , d2 ]G codes with
C2 ≤ C1 , let V = {v1 , . . . , vk } be the set of representatives of the quotient group
C1 /C2 , then the k = kk12 mutually orthogonal states
1 |ψi = |y + vi |C2 | y∈C2
n
are a basis for a quantum error correction code C ≤ H⊗ , where H = CG is the
group algebra of G. The code can simultaneously correct at least d12−1 spin flip
Quantum error-correction codes on abelian groups
63
errors and d22−1 phase flip errors. Its minimum distance is d ≥ min(d1 , d2 ).
We denote this QECC by CSSG (C1 , C2 ) or [[n, k, d]]G .
4. a quantum error correction protocol
In this section we use a version of the quantum error correction code CSSG (C1 , C2 )
to write a quantum error correction protocol similar to the protocol introduced
in [3] (for the case G = F2 ). Let C1 and C2 be as in the Theorem 3.1, for each
z,x
(C1 , C2 )
x ∈ C1⊥ and z ∈ C2 consider the quantum error correction code CSSG
with codeword states
1
|ψv,z,x = χz (w)|v + w + x
|C2 | w∈C2
where v ranges over the representatives of the |C1 |/|C2 | cosets of C2 in C1 (we
use the notation [v] as an abbreviation for the coset v + C2 . Note that the
number of these states is
|C1 |/|C2 |.|C2 |.|C1⊥ | = |Gn | = |G|n
We show that these states are mutually orthogonal, and therefore form a basis
for an |G|n -dimensional vector space.
Lemma 4.1.
z∈C2 |ψv,z,x ψv,z,x | =
w∈C2 |v + w + xv + w + x|
Proof Using Lemma 2.2 applied to Gn (with H = C2 and x = w1 − w2 ) we
have
1 |ψv,z,x ψv,z,x | =
χz (w1 − w2 )|v + w1 + xv + w2 + x|
|C2 |
z∈C2 w1 ,w2 ∈C2
z∈C2
=
w1 ,w2 ∈C2
=
1 χw1 −w2 (z) |v + w1 + xv + w2 + x|
|C2 |
z∈C2
δw1 ,w2 |v + w1 + xv + w2 + x|
w1 ,w2 ∈C2
=
|v + w + xv + w + x|.
w∈C2
Let us use the abbreviation v,z,x to denote the summation over all [v] ∈
C1 /C2 , z ∈ C2 , and x ∈ C1⊥ .
n
Lemma 4.2.
v,z,x |ψv,z,x ψv,z,x | = I, the identity operator on CG .
By above lemma
|ψv,z,x ψv,z,x | =
|v + w + xv + w + x|
v,z,x
v,x w∈C2
64
Massoud Amini
but each y ∈ Gn has a unique decomposition y = v+w+x, for some [v] ∈ C1 /C2 ,
w ∈ C2 , and x ∈ C1⊥ . Therefore the last sum is the same as
|yy| = I.
y∈Gn
A similar argument proves
Lemma 4.3.
v,z,x |ψv,z,x |ψv,z,x =
y∈Gn |y|y.
Now we are ready to present our quantum error correction protocol. It is
based on the modified Lo-Chau protocol [6] and follows the presentation of a
similar construction as reported in [8]. It uses our quantum error correction
code to perform entanglement distillation. The basic difference here is the
meaning of a ”qubit”. For us a qubit is a basis element of H = CG, namely
a state of the form |t, where t ∈ G (bit has a similar meaning). Also let us
remind that the standard basis of H is {|t : t ∈ G}. So for the given finite
abelian group G, we have the following protocol.
QKD protocol: CSSG codes
1: Alice creates n random check bits, a random m bit key k, and two random
z,x
(C1 , C2 ). She also
n bit strings x and z. She encodes |k in the code CSSG
encodes n qubits according to the check bits.
2: Alice randomly chooses n positions (out of 2n) and puts the check qubits
in these positions and the encoded qubits in the remaining positions.
3: Alice selects a random 2n bit string b and performs a Fourier transform
FG on each qubit for which b is not 0 (0 is the identity of G).
4: Alice sends the resulting qubits to Bob.
5: Bob receives the qubits and publicly announces this fact.
6: Alice announces b, z, x, and which n qubits are to provide check bits.
7: Bob performs the Fourier transform on the qubits where b is not 0.
8: Bob measures the n check qubits in the standard basis, and publicly
shares the results with Alice. If more than t of these disagree, they abort the
protocol.
z,x
(C1 , C2 ).
9: Bob decodes the remaining n qubits from CSSG
10: Bob measures his qubits to obtain the shared secret key k.
A series of remarks are in order. We have employed CSSG (C1 , C2 ) code,
which we assumed to encode m qubits in n qubits and correct up to t errors.
The Alice’s n EPR pair state may be written as the equal states given in
Lemma 4.3. Note the labels are separated to indicate the qubits Alice keeps,
Quantum error-correction codes on abelian groups
65
and the ones she sends to Bob. If Alice wants to measure her remaining qubits
according to the check matrix for CSSG (C1 , C2 ), she obtains random values for
x and z, and if she wants to measure the m EPR pair in the standard basis,
she obtains a random choice of v. Then the remaining n qubits are left in the
z,x
(C1 , C2 ) and is the encoded
state |ψv,z,x , which is the codeword for v in CSSG
version of the state k.
Following [10], one may do the following modifications in the protocol. Bob
measures his qubits in the standard basis (which is e version of the Z basis
in the binary case) after decoding so the phase correction sent as z by Alice
is irrelevant. Therefore, instead of decoding and then measuring, Bob can
immediately measure to obtain v + w + x (up to some error), then decode
(classically ) as follows. He can subtract the announced value of x and correct
the result to a codeword in C1 , which would be v + w if the distance of the
code is not exceeded. Then the key k is the coset v + w + C2 in C1 . Now as
Alice need not reveal z, she is effectively sending a mixed state averaged over
random values of z, which by Lemma 4.1 is
1 |v + w + xv + w + x|
|G|n
w∈C2
To create this state, Alice only needs to choose w ∈ C2 randomly and construct
|v + w + x with her random values of x and k. Also if Alice happens to choose
v ∈ C1 (rather than [v] ∈ C1 /C2 ), then w is unnecessary. In this case, Alice may
choose x at random, send |x so that Bob receives and measures x (with some
error), then Alice sends x − v, which is subtracted by Bob to obtain v (with
some error). This leaves no difference between the random check bits and the
code bits. Finally to avoid the performance of the Fourier transform by Alice,
she can encode her qubits in the standard basis {|t : t ∈ G} or the Fourier
basis {|χt : t ∈ G}, according to the bits of b, where
|χt =
1 χt (s)|s
|G|
s∈G
Then Bob could measure the received qubits randomly in the standard or
Fourier bases. When Alice subsequently announces b, they can keep only those
bits for which their bases were the same. As they are most likely to discard
half of their bits, they should start with a little more than twice the number
of original random bits. This way Alice can delay her choice of check bits
until after discarding. This allows us to avoid the use of quantum memory
and perform the encoding and decoding classically. Summing up we have the
following version of BB84, adapted to the group G.
QKD protocol: BB84G codes
1: Alice creates (4 + δ)n random bits.
66
Massoud Amini
2: Alice creates for each bit a qubit in the standard or Fourier basis, according to a random bit string b (uses standard basis if at bits for which b is 0,
and the Fourier basis otherwise).
3: Alice sends the resulting qubits to Bob.
4: Alice chooses a random v ∈ C1 .
5: Bob receives the qubits, publicly announces this fact, and measures each
in the standard or Fourier basis at random.
6: Alice announces b.
7: Alice and Bob discard those bits Bob measured in a basis other than the
one instructed by b. With high probability, there are at least 2n bits left (if not
abort the protocol). Alice decides randomly on a set of 2n bits to continue to
use, randomly selects n of these to be check bits, and announces the selection.
8: Alice and Bob publicly compare their check bits. If more than t of these
disagree, they abort the protocol. Alice is left with the n bit string x, and Bob
with x + ε.
9: Alice announces x − v. Bob subtracts this from his result, correcting it
with code C1 to obtain v.
10: Alice and Bob compute the coset v + C2 in C1 /C2 to obtain the key k.
References
[1] C. H. Bennet, G. Brassard, Quantum cryptography: Public key distribution and coin
tossing, in: Proceedings of IEEE International Conference on Computers, Systems and
Signal rocessing, Banglore, India, 1984, pp. 175-179. Also available as the IBM Technical
Disclosure Bulletine 28 (1985), 3153-3163.
[2] E. Biham, M. Boyer, P.O. Boykin, T. Mor, V. Roychowdhury, A proof of the security
of quantum key distribution, in: Proceedings of the Thirty Second Annual ACM Symposium on Theory of Computation, 2000, pp. 715-724. Also available online at arXive:
quant-ph/9912053.
[3] A.R. Calderbank , P. Shor, Good quantum error correcting codes exist, Phys. Rev.,
Series A, 54 (1996), 1098-1105, also available online at arXive: quant-ph/9512032.
[4] R. Jozsa , Quantum algorithms and the Fourier transform, quantum coherence and
decoherence, Proc. Roy. Soc. London, Series A, 454 no. 1969 (1998), 323-332, also
available online at arXiv:quant-ph/97033.
[5] K. Kraus, States, effects, and operations, Lect. Notes Phys., vol. 190, Speringer-Verlag,
Berlin, 1983.
[6] H.K. Lo, H. F. Chau, Unconditional security of quantum key distribution over arbitrary
long distances, Science 283 (1999), 2050-2056, also available online at arXive: quantph/9803006.
[7] D. Meyers, Unconditional security in quantum cryptography, J. Assoc. Computing Machinery, 48 (3) (2001), 351-406, also available online at arXive:quant-ph/9802025.
[8] M.A. Nielsen, I. L. Chuang, Quantum Computation and Quantum Information, Cambridge University Press, Cambridge, 2000.
Quantum error-correction codes on abelian groups
67
[9] W. Rudin, Fourier Analysis on Groups, John Wiley, New York, 1990.
[10] P.W. Shor, J. Priskill, Simple proof of security of the BB84 quantum key distribution
protocol, Phys. Rev. Lett., 85 (2) (2000), 441-444, also available online at arXive quantph/0003004.
[11] A. M. Steane, Multiple particle interference and error correction, Proc. Roy. Soc. London, Series A, 452 (1996), 2551-2577.